Incident Response Plan

The Office of the Comptroller of the Currency (the “OCC”), Treasury; the Board of Governors of the Federal Reserve System (the “Fed Board”); and the Federal Deposit Insurance Corporation (the “FDIC” and, collectively with the OCC and the Fed Board, the “Agencies”) issued a final rule detailing notification requirements for a “computer-security incident” that rises to the level of a “notification incident.” The new rule went into effect on April 1, 2022, with a compliance date of May 1, 2022. Given the recent history of computer-security incidents and their increase in severity in recent years in the banking industry, the Agencies believed that implementing a new breach notification rule was important to allow the Agencies to assess and respond to cyberattacks.
Continue Reading Final Rule Regarding Security Incident Notification Requirements: Time to Review Your Existing Procedures and Contracts

You might think your run-of-the-mill privacy and cybersecurity training is sufficient. You might think that by “checking the box” on generic training you have fulfilled your duty and obligation to mitigate data privacy and cybersecurity attacks. You might think that general malware protection adequately secures your company’s data and you can move on with your everyday business efforts without concern.

Think again.
Continue Reading Think Again on Cybersecurity Training – Human Error Continues to Drive Numbers on Cybersecurity Attacks

ponemon-institutePreparing for a breach can greatly reduce the cost of a breach according to the Ponemon Institute. Thus, insurers reward those organizations who have taken preparatory steps and implemented defensive measures such as an incident response plan and designated a team to execute that plan. An incident response plan will identify the actions that should be taken when a data incident occurs. Having an incident response plan can result in lower premiums.

Since securing cyber liability insurance is now a
Continue Reading How an Incident Response Plan Can Reduce Your Cyber Insurance Costs

An incident response plan can lead to a better roadmap for securing cost-effective cyber liability insurance and, consequently, lower costs associated with a data breach.

The adoption of an incident response plan is a major indicator to underwriters that an organization is sophisticated and understands that incidents do occur regularly within firewall perimeters and that the organization has an early detection, containment and eradication plan in place to manage incidents, thus protecting data more effectively.

Early detection minimizes the time
Continue Reading Taft Incident Response Planning Webinar Nov. 4

Ben-FranklinFire prevention elements played a large role in the planning of Philadelphia; streets were wider than average and brick and stone were common building elements. Despite these preventive measures and the efforts of firefighters, fires did still occur. Benjamin Franklin began to study this situation and stated “About this time I wrote a paper…on the different accidents and carelessness by which houses were set on fire, with cautions against them, and means purposed of avoiding them.” In 1736 Franklin and
Continue Reading Why Benjamin Franklin Would Want to See Your Incident Response Plan

Emailing A phishing attack is the leading type of data breach. Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from a recipient.

The logic behind this type of attack is a simple reliance on human error. Statistically, if enough e-mails are sent, a sufficiently large number of recipients, who are rushed or distracted, will fail to scrutinize the IP address. They will click on the
Continue Reading The Most Common Breach Incident and How an Incident Response Plan Could Save You

speedAll companies have employee, proprietary, financial and other sensitive data that require protection. Human error is still one of the most common causes of a data breach and that is very difficult, if not impossible, to completely eradicate.  Moreover, with the recent release of the Yates Memorandum from the Department of Justice (“DOJ”), the DOJ is emphasizing best practices when dealing with individuals in connection with corporate wrongdoing.  To quote my colleague, Jackie Bennett, “…now is the time to
Continue Reading Why Do You Need an Incident Response Plan?

Northern Kentucky University’s Annual CyberSecurity Symposium
Oct. 9, 2015
NKY Mets Center
Matthew D. Lawless, presenter: “Considering Privacy and Data Security Harms.”

Technology First, 9th Annual Taste of IT Conference
Nov. 18, 2015
Sinclair Ponitz Center, Dayton, Oh
Diane D. Reynolds, panelist and Matthew D. Lawless, panel moderator.
“Cybersecurity Compliance: If it ain’t working for Anthem, Lifelock and Neiman Marcus, What am I Supposed to do for My Company?”

Indiana University Kelley School of Business’ “Indiana
Continue Reading Privacy and Data Security Attorneys Presenting at Three Upcoming Seminars

This is the first of a three-part series on the implications of cybersecurity threats on boards of directors. 

Now, more than ever, corporate boards face an immense challenge to ensure that their companies are prepared for cybersecurity threats before they occur.  It is not question of if a corporation will be hit by a cybersecurity incident or data breach, but when.

The Existing Cybersecurity Landscape and Associated Risks  

The landscape that corporate boards face has never been more treacherous, with

Continue Reading Corporate Boards: The Challenges and Risks of Maneuvering Through Cybersecurity

Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability
Continue Reading Threat Intelligence – What You Should Be Doing